What’s the Difference Between DV, OV, IV, and EV Certificates?
Although all X.509 certificates use similar methods to assure encryption, authentication, and integrity, they vary significantly in the information they include about the identities that they secure. A useful way to categorize certificates is by the method used by the certificate authority (CA) to validate the subject information included in the certificate:
- Domain Validation (DV) is the lowest level of validation, and verifies that whoever requests the certificate controls the domain that it protects.
- Organization Validation (OV) verifies the identity of the organization (e.g. a business, nonprofit, or government organization) of the certificate applicant.
- Individual Validation (IV) verifies the identity of the individual person requesting the certificate.
- Extended Validation (EV), like OV, verifies the identity of an organization. However, EV represents a higher standard of trust than OV and requires more rigorous validation checks to meet the standard of the CA/Browser Forum’s Extend.
Read on to find out how to view certificate information in a web browser, and much more about these validation types:
“Click the Lock” to View Certificate Information in a Web Browser
In modern desktop web browsers, a website secured by a valid, trusted SSL/TLS certificate will display a closed padlock to the left of the website’s URL in the address bar.
If you want to find out more about the website’s certificate, such as the validation information included, simply click the lock:
Domain validated or DV certificates are the most common type of SSL/TLS certificate. They are verified using only the domain name. Typically, the CA exchanges confirmation email with an address listed in the domain’s WHOIS record. Alternatively, the CA provides a verification file which the owner places on the website to be protected, or the applicant creates a DNS record verifying control of the comain the CA. Any of these methods confirms that the domain is controlled by the party requesting the certificate. Please see SSL.com’s Domain Validation requirements for information about the DV methods we support.
What does a DV Certificate look like in a web browser?
After clicking the lock in a web browser on a website with a DV certificate, you will only see that the site has a valid SSL/TLS certificate:
You can dig deeper by viewing the certificate’s Subject field. In Chrome you can do this by clicking Certificate (Valid), then choosing the Details tab and the Subject field. A Domain-Validated (DV) certificate will only the Common Name (CN) field, including the domain name that the certificate protects:
OV and IV Certificates
Organization Validated (OV) and Individual Validated (IV) certificates require more validation than DV certificates, but provide more trust. For these types, the CA will verify the actual organization or individual person that is attempting to get the certificate. The organization’s or individual’s name is also listed in the certificate, giving added trust that both the website and its owner are reputable.
OV certificates are often used by corporations, governments and other entities that want to provide an extra layer of confidence to their visitors. Aside from SSL/TLS certificates, OV and IV are also commonly used for code signing, document signing, client authentication, and S/MIME email certificates. For more information, please refer to SSL.com’s OV and IV requirements.
What does an OV or IV Certificate look like in a web browser?
When you click the lock to view certificate information in a web browser, an OV or IV certificate looks the same as a DV certificate; the browser displays that the website has a valid SSL/TLS certificate.
Digging deeper in Chrome by clicking Certificate (valid), then selecting the Details tab and Subject field you can see that the certificate includes the URL, as well as details about the company running the website. This information was verified by the CA that issued the certificate, so you can have confidence in the identity of the website’s owner.
Extended validation or EV certificates provide the maximum amount of trust to visitors, and also require the most effort by the CA to validate. Per guidelines set by the CA/Browser Forum, extra documentation must be provided to issue an EV certificate (as described in SSL.com’s EV requirements). As with OV, EV lists the company name in the certificate itself. EV certificates may only be issued to businesses and other registered organizations, not to individuals.
An EV code signing certificate is required to sign Windows 10 drivers and provides an instant SmartScreen reputation boost. If you’re not sure which code signing certificate you need, please read this FAQ.
What does an EV Certificate look like in a web browser?
If you click the lock to view a website’s SSL/TLS certificate and the site is protected with an EV certificate, the name of the website’s owner will be displayed:
As with other validation types, you can dig deeper for more information. In Chrome, click Certificate (Valid), then select the Details tab and Subject field. The information shown about the website’s owner is CA-validated, so you can trust that the entity operating the website is who they claim to be.
Need More Information?
DV certificates are common and inexpensive. However, OV, IV, and EV certificates provide users with extra, CA-validated information that they can use to decide if the owner of a website, sender of an email, or digital signatory of executable code or PDF documents is trustworthy. For some types of certificates, these more thorough validation types are required for certificate issuance, such as with Adobe-trusted document signing certificates (OV/IV) or code signing certificates for Windows drivers (EV). The extra information provided in OV, IV, and EV certificates is also a great way for website owners to protect their customers from phishing.
Check out the pages and video shown below for SSL.com’s validation requirements for DV, OV, IV, and EV certificates:
- Domain Validation (DV) Requirements
- Organization Validation (OV) and Individual Validation (IV) Requirements
- Extended Validation (EV) Requirements